CVS commit: pkgsrc/security/py-paramiko

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/py-paramiko
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Sun, 24 May 2026 06:17:51 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Sun May 24 06:17:51 UTC 2026

Modified Files:
        pkgsrc/security/py-paramiko: Makefile PLIST distinfo

Log Message:
py-paramiko: updated to 5.0.0

5.0.0

[Feature]: Added a new, optional file_format keyword argument to PKey.write_private_key and PKey.write_private_key_file to allow writing out OpenSSH-style private key files in addition to the legacy 
PEM format.

Warning
While the default format remains PEM in Paramiko 5, future major releases are likely to change that default to the OpenSSH format. We recommend updating any key-writing code you have to be explicit 
now, to insulate yourself from such an update.
[Bug]: Added a password kwarg to PKey.from_type_string so it can handle encrypted keys like most other PKey constructors already could.

[Bug]: Fix Ed25519Key’s internals such that it no longer throws AttributeError during calls to __repr__ when only partly initialized. This isn’t a normal runtime problem (it only happens inside error 
handling for fatal errors like “not a valid private key”) but was perennially complicating test failure diagnosis and similar scenarios.

[Support]: Removed the demos/ folder; they’ve become too big a support burden and we’ve wanted to remove them for years.

Users who enjoyed the client-side demos should look at our wrapper library, Fabric.

We suspect the most-used demo was demos/demo-server.py and may consider adding a variant of it to the actual Python package in future.

[Support]: Renamed PKey.from_path’s passphrase argument to password so it’s consistent with all the other methods of instantiating PKey objects.

Warning
This change is backwards incompatible if you were using this relatively new constructor + were doing so to load encrypted keys.
[Support]: Removed support for verifying/signing with RSA keys using SHA-1 hashing. Generally, this means most cases where "ssh-rsa" was used as an algorithm identifier (as opposed to a key material 
identifier) will no longer accept that string as valid, and the relevant code that actually used eg hashes.SHA1 no longer does.

Warning
This change is backwards incompatible if you are stuck supporting legacy systems with Paramiko that are unable to use SHA2-based signatures with RSA keys (or other workarounds, such as switching from 
RSA keys to Ed25519 ones).
[Support]: Removed support for key exchange using SHA-1, meaning the kex methods diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, and diffie-hellman-group1-sha1 are now gone. 
Implementing classes have been removed/merged/shuffled as required.

Warning
This change is backwards incompatible if you were still supporting old systems that don’t implement sha256/sha512 DH kex (or ECDH kex).
[Support]: Removed GSSAPI support, as the current (buggy, no longer easily testable in CI, poorly understood and not used by the core team) implementation is SHA-1 based and no SHA-256 upgrade 
appeared to be forthcoming from contributors.

We don’t like removing functionality, but this feature has been on the rocks for years and it makes sense to remove it as an insecure support burden. We will definitely consider merging a 
SHA256-based replacement in the future if a high-quality one appears.

Side note: the GSS related constants in paramiko/common.py have been left in place as they are essentially mapping out known protocol numbers.

Warning
This change is backwards incompatible if you require GSS.
[Support]: Raised the minimum modulus size in diffie-hellman-group-exchange-sha256 key exchange from 1024 (the original spec’s minimum) to 2048 (the contemporary minimum according to RFC 9142, and 
matching a similar change by OpenSSH ten years ago in 7.2 / 2016).

Warning
This change may be backwards incompatible if you were targeting servers supporting only this kex method and whose own maximum modulus size for group-exchange was lower than 2048.
[Support]: The PKey class family tree reorganized the write_private_key and write_private_key_file methods; with other recent changes, having individual implementations on the child classes made no 
sense, so key writing is now implemented in PKey itself and the included child classes such as ECDSAKey no longer define their own such methods, instead simply exposing their underlying cryptographic 
private key objects as .private_key.


To generate a diff of this commit:
cvs rdiff -u -r1.62 -r1.63 pkgsrc/security/py-paramiko/Makefile
cvs rdiff -u -r1.22 -r1.23 pkgsrc/security/py-paramiko/PLIST
cvs rdiff -u -r1.38 -r1.39 pkgsrc/security/py-paramiko/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/py-paramiko/Makefile
diff -u pkgsrc/security/py-paramiko/Makefile:1.62 pkgsrc/security/py-paramiko/Makefile:1.63
--- pkgsrc/security/py-paramiko/Makefile:1.62   Thu Oct  9 07:57:56 2025
+++ pkgsrc/security/py-paramiko/Makefile        Sun May 24 06:17:51 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.62 2025/10/09 07:57:56 wiz Exp $
+# $NetBSD: Makefile,v 1.63 2026/05/24 06:17:51 adam Exp $
 
-DISTNAME=      paramiko-4.0.0
+DISTNAME=      paramiko-5.0.0
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    security python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=p/paramiko/}
@@ -13,11 +13,9 @@ LICENSE=     gnu-lgpl-v2.1
 TOOL_DEPENDS+= ${PYPKGPREFIX}-setuptools>=78:../../devel/py-setuptools
 DEPENDS+=      ${PYPKGPREFIX}-invoke>=2.0:../../sysutils/py-invoke
 DEPENDS+=      ${PYPKGPREFIX}-nacl>=1.5:../../security/py-nacl
-# gssapi
-DEPENDS+=      ${PYPKGPREFIX}-asn1>=0.1.7:../../security/py-asn1
-DEPENDS+=      ${PYPKGPREFIX}-gssapi>=1.4.1:../../security/py-gssapi
-TEST_DEPENDS+= ${PYPKGPREFIX}-icecream-[0-9]*:../../misc/py-icecream
-TEST_DEPENDS+= ${PYPKGPREFIX}-test-relaxed>=1.1.5:../../devel/py-test-relaxed
+TEST_DEPENDS+= ${PYPKGPREFIX}-icecream>=2.1:../../misc/py-icecream
+TEST_DEPENDS+= ${PYPKGPREFIX}-test-relaxed>=2:../../devel/py-test-relaxed
+TEST_DEPENDS+= ${PYPKGPREFIX}-test-xdist>=3:../../devel/py-test-xdist
 
 USE_LANGUAGES= # none
 

Index: pkgsrc/security/py-paramiko/PLIST
diff -u pkgsrc/security/py-paramiko/PLIST:1.22 pkgsrc/security/py-paramiko/PLIST:1.23
--- pkgsrc/security/py-paramiko/PLIST:1.22      Fri Aug 22 07:27:47 2025
+++ pkgsrc/security/py-paramiko/PLIST   Sun May 24 06:17:51 2026
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.22 2025/08/22 07:27:47 adam Exp $
+@comment $NetBSD: PLIST,v 1.23 2026/05/24 06:17:51 adam Exp $
 ${PYSITELIB}/${WHEEL_INFODIR}/METADATA
 ${PYSITELIB}/${WHEEL_INFODIR}/RECORD
 ${PYSITELIB}/${WHEEL_INFODIR}/WHEEL
@@ -61,18 +61,12 @@ ${PYSITELIB}/paramiko/kex_ecdh_nist.pyo
 ${PYSITELIB}/paramiko/kex_gex.py
 ${PYSITELIB}/paramiko/kex_gex.pyc
 ${PYSITELIB}/paramiko/kex_gex.pyo
-${PYSITELIB}/paramiko/kex_group1.py
-${PYSITELIB}/paramiko/kex_group1.pyc
-${PYSITELIB}/paramiko/kex_group1.pyo
 ${PYSITELIB}/paramiko/kex_group14.py
 ${PYSITELIB}/paramiko/kex_group14.pyc
 ${PYSITELIB}/paramiko/kex_group14.pyo
 ${PYSITELIB}/paramiko/kex_group16.py
 ${PYSITELIB}/paramiko/kex_group16.pyc
 ${PYSITELIB}/paramiko/kex_group16.pyo
-${PYSITELIB}/paramiko/kex_gss.py
-${PYSITELIB}/paramiko/kex_gss.pyc
-${PYSITELIB}/paramiko/kex_gss.pyo
 ${PYSITELIB}/paramiko/message.py
 ${PYSITELIB}/paramiko/message.pyc
 ${PYSITELIB}/paramiko/message.pyo
@@ -121,9 +115,6 @@ ${PYSITELIB}/paramiko/sftp_si.pyo
 ${PYSITELIB}/paramiko/ssh_exception.py
 ${PYSITELIB}/paramiko/ssh_exception.pyc
 ${PYSITELIB}/paramiko/ssh_exception.pyo
-${PYSITELIB}/paramiko/ssh_gss.py
-${PYSITELIB}/paramiko/ssh_gss.pyc
-${PYSITELIB}/paramiko/ssh_gss.pyo
 ${PYSITELIB}/paramiko/transport.py
 ${PYSITELIB}/paramiko/transport.pyc
 ${PYSITELIB}/paramiko/transport.pyo

Index: pkgsrc/security/py-paramiko/distinfo
diff -u pkgsrc/security/py-paramiko/distinfo:1.38 pkgsrc/security/py-paramiko/distinfo:1.39
--- pkgsrc/security/py-paramiko/distinfo:1.38   Fri Aug 22 07:27:47 2025
+++ pkgsrc/security/py-paramiko/distinfo        Sun May 24 06:17:51 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.38 2025/08/22 07:27:47 adam Exp $
+$NetBSD: distinfo,v 1.39 2026/05/24 06:17:51 adam Exp $
 
-BLAKE2s (paramiko-4.0.0.tar.gz) = 2c8db0e9bf7bdd684ddbd90ecb7783168e2d3ea11490cf9ac39ee73b1d4997ee
-SHA512 (paramiko-4.0.0.tar.gz) = a2b08dd71b0635da51a4eb2992ed8a47b435810899c771002a5d81c653be7e706f0ab7e7b70018f3ba3ff6b925d93ac372b32221bf82c88c491b97788035e2af
-Size (paramiko-4.0.0.tar.gz) = 1630743 bytes
+BLAKE2s (paramiko-5.0.0.tar.gz) = ae1bea52c2915fb434e4d49bd94bf49f194b2cca0268ecdac92a2810966327c4
+SHA512 (paramiko-5.0.0.tar.gz) = a75f71d6ddf7631b933250f705eb1d9eeebe9007feebe2672cc36c36e50b33f641de4849657f713f7ea50d8ede2e20bcdf403f3b79b3efb8d2c8d19649b7d477
+Size (paramiko-5.0.0.tar.gz) = 1548586 bytes

Prev by Date: CVS commit: pkgsrc/sysutils/fabric
Next by Date: CVS commit: pkgsrc/devel/py-setuptools44
Previous by Thread: CVS commit: pkgsrc/sysutils/fabric
Next by Thread: CVS commit: pkgsrc/devel/py-setuptools44
Indexes:

Home | Main Index | Thread Index | Old Index